Control Administrator Access
Managing privileged passwords, including local administrator, service
account and embedded application passwords, is a challenge in most
There are often too many passwords, distributed across too
many devices, with too many inter-dependencies. As a result,
privileged passwords are often static, simple and well-known.
IT staff often retain privileged passwords long after they leave
and attackers have long time windows to attack service and application
These security problems may violate regulatory requirements for privacy
protection or transparent corporate governance.
Privileged access management
systems secure access to
administrator and other accounts with
elevated privileges on systems and applications. This is typically
done through a combination of:
- Discovering systems and applications where privileged accounts
- Extracting a list of accounts from each system.
- Applying policy to determine which accounts to manage.
- Periodically randomizing passwords to these accounts.
- Storing these random passwords in a secure
- Authenticating users who need to access these accounts.
- Applying access control policy to determine what users are allowed
access to which privileged accounts.
- Providing one or more access
disclosure mechanisms to connect
approved users to privileged accounts.
- Controlling how many users may concurrently sign into the same
- Logging and reporting on this access.
Hitachi ID Privileged Access Manager secures privileged accounts on an enterprise scale:
- It periodically randomizes every privileged password.
- Users must sign into Privileged Access Manager when they need to use a
privileged account. Multi-factor authentication can be required.
- Privileged Access Manager launches login sessions on behalf of users,
without displaying passwords -- single sign-on.
- Logins to privileged user accounts can be recorded, including screen
capture and keyboard logging. This creates strong accountability
and forensic audit trails.
Return to Identity Management Concepts